Avoid Mask Re-use in Masked Galois Multipliers

Authors
Canright, David R.
Date of Issue
2008
Date
11/26/08
Abstract
This work examines a weakness in re-using masks for masked Galois inversion, specifically in the masked Galois multipliers. Here we show that the mask re-use scheme included in our work [1] cannot result in "perfect masking," regardless of the order in which the terms are added; explicit distributions are derived for each step. The same problem requires new masks in the subfield calculations, which were not included in [1]. Hence, for resistance to first-order differential attacks, the masked S-box must use distinct independent masks for the input and output bytes of the masked inverter, and new masks in the subfields, resulting in a larger size.
Type
Article
Description
The article of record as published may be located at http://eprint.iacr.org/2009/012
Department
Applied Mathematics
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.